On 09/11/2013 01:56 PM, Corey Bryant wrote:
On 09/06/2013 03:21 PM, Eduardo Otubo wrote:
1) On qemu-seccomp.c:255, the variable ctx was being used
uninitialized; now it's initialized with NULL and it's being checked at
the end of the function.
2) Changed the name of the command line
a system call blacklist right before the vcpus starts. This
filter is composed by the system calls that can't be executed after the
guests are up. This list should be refined as whitelist is, with as much
testing as we can do using virt-test.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
blacklist
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-options.hx | 8 +---
vl.c| 17 -
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/qemu-options.hx b/qemu-options.hx
index d15338e..05485e1 100644
--- a/qemu-options.hx
+++ b
1) On qemu-seccomp.c:255, the variable ctx was being used
uninitialized; now it's initialized with NULL and it's being checked at
the end of the function.
2) Changed the name of the command line option from enable to
sandbox for a better understanding from user side.
Signed-off-by: Eduardo
in their own commit messages.
The environment in which the second whitelist is installed seems to need less
system calls than the first, so the procedure here will be the same: Keep
testing with virt-test and get to the smallest list as possible.
Eduardo Otubo (3):
seccomp: adding blacklist
On 10/08/2013 11:05 PM, Eric Blake wrote:
On 10/08/2013 06:42 PM, Eduardo Otubo wrote:
v3: The -netdev tap option is checked in the vl.c file during the
process of the command line argument list. It sets tap_enabled to true
or false according to the configuration found. Later at the seccomp
On 10/08/2013 09:42 PM, Eduardo Otubo wrote:
v3: The options for blacklist in the command line also checkes the
existence of -netdev tap, leaving a warning message in a positive
case.
New command line options for the seccomp blacklist feature:
$ qemu -sandbox on[,strict=on|off]
The strict
Inverting the way sandbox handles arguments, making possible to have no
argument and still have '-sandbox on' enabled.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
The option '-sandbox on' is now used by default by virt-test[0] -- it has been
merged into the 'next' branch
On 10/22/2013 11:00 AM, Anthony Liguori wrote:
On Tue, Oct 22, 2013 at 12:21 PM, Eduardo Otubo
ot...@linux.vnet.ibm.com wrote:
Inverting the way sandbox handles arguments, making possible to have no
argument and still have '-sandbox on' enabled.
Signed-off-by: Eduardo Otubo ot
This was causing Qemu process to hang when using -sandbox on.
Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/qemu-seccomp.c b/qemu
Hello,
Any chance to get this patch applied?
Thanks!
On 09/04/2013 11:11 AM, Paul Moore wrote:
On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
This was causing Qemu process to hang when using -sandbox on.
Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id
New command line options for the seccomp blacklist feature:
$ qemu -sandbox on[,strict=on|off]
The strict parameter will turn on or off the new system call blacklist
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-options.hx | 8 +---
vl.c| 11 ++-
2
and do not
cause any damage to the general execution.
The environment in which the second whitelist is installed seems to need less
system calls than the first, so the procedure here will be the same: Keep
testing with virt-test and get to the smallest list as possible.
Eduardo Otubo (3):
seccomp
Adding a system call blacklist right before the vcpus starts. This filter is
composed by the system calls that can't be executed after the guests are up.
This list should be refined as the whitelist is, with as much testing as we can
do using virt-test.
Signed-off-by: Eduardo Otubo ot
1) On qemu-seccomp.c:255, the variable ctx was being used
uninitialized; now it's initialized with NULL and it's being checked at
the end of the function.
2) Changed the name of the command line option from enable to
sandbox for a better understanding from user side.
Signed-off-by: Eduardo
On 09/09/2013 09:36 AM, Paul Moore wrote:
On Monday, September 09, 2013 12:38:12 PM Paolo Bonzini wrote:
Il 06/09/2013 20:41, Eduardo Otubo ha scritto:
Hello,
Any chance to get this patch applied?
Thanks!
Paul, perhaps you can add yourself to MAINTAINERS and send a pull request
Add myself to the MAINTAINERS file. I'll be looking at qemu-seccomp.c
and include/sysemu/seccomp.h.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
As discussed in previous threads, I'm including myself to the MAINTAINERS file
so I can take care of the sandbox feature in Qemu
On 09/11/2013 01:49 PM, Daniel P. Berrange wrote:
On Wed, Sep 11, 2013 at 12:45:54PM -0400, Corey Bryant wrote:
On 09/06/2013 03:21 PM, Eduardo Otubo wrote:
New command line options for the seccomp blacklist feature:
$ qemu -sandbox on[,strict=on|off]
The strict parameter will turn
On 09/17/2013 11:43 AM, Paul Moore wrote:
On Tuesday, September 17, 2013 02:06:06 PM Daniel P. Berrange wrote:
On Tue, Sep 17, 2013 at 10:01:23AM -0300, Eduardo Otubo wrote:
Paul, what exactly are you planning to add to libvirt? I'm not a big
fan of using qemu command line to pass syscalls
On 09/17/2013 02:14 PM, Eduardo Otubo wrote:
On 09/17/2013 11:43 AM, Paul Moore wrote:
On Tuesday, September 17, 2013 02:06:06 PM Daniel P. Berrange wrote:
On Tue, Sep 17, 2013 at 10:01:23AM -0300, Eduardo Otubo wrote:
Paul, what exactly are you planning to add to libvirt? I'm not a big
On 09/17/2013 04:17 PM, Corey Bryant wrote:
On 09/17/2013 01:14 PM, Eduardo Otubo wrote:
On 09/17/2013 11:43 AM, Paul Moore wrote:
On Tuesday, September 17, 2013 02:06:06 PM Daniel P. Berrange wrote:
On Tue, Sep 17, 2013 at 10:01:23AM -0300, Eduardo Otubo wrote:
Paul, what exactly
On 09/13/2013 11:45 AM, Paul Moore wrote:
On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
This was causing Qemu process to hang when using -sandbox on.
Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id
On 09/23/2013 04:53 PM, Paul Moore wrote:
On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
This was causing Qemu process to hang when using -sandbox on.
Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id
From: Eduardo Otubo ot...@linux.vnet.ibm.com
This was causing Qemu process to hang when using -sandbox on as
discribed on RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
Tested-by: Paul Moore pmo...@redhat.com
Acked-by: Paul Moore
Anthony,
The following changes since commit f828a4c8faa118e0ebab3e353ac6840f3b2a0318:
Merge remote-tracking branch 'stefanha/tracing' into staging (2013-09-23
11:53:22 -0500)
are available in the git repository at:
git://github.com/otubo/qemu.git seccomp
Eduardo Otubo (1):
seccomp
v2 update:
- set libseccomp 2.1.0 as requirement on configure script.
Since libseccomp 2.0 there's no need to check the architecture type
anymore.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
configure | 2 +-
qemu-seccomp.c | 13 -
2 files changed, 1 insertion
weeks testing I could come up with this small list,
and safely remove them without breaking anything.
[0] - https://github.com/autotest/virt-test/wiki
Eduardo Otubo (2):
seccomp: no need to check arch in syscall whitelist
seccomp: removing unused syscalls gtom whitelist
configure | 2
v3 update:
- reincluding getrlimit(), it is used by Xen.
v2 update:
- reincluding setrlimit(), it is used by Xen.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 4
1 file changed, 4 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 1d5fd71
Ended up my tests were inconclusive. So removing this one from this patch.
Resubmited a v3 without it.
Thanks for pointing that.
On 07/16/2013 02:49 PM, Paolo Bonzini wrote:
Il 16/07/2013 19:45, Eduardo Otubo ha scritto:
-{ SCMP_SYS(ugetrlimit), 241 },
Xen uses getrlimit, not sure
/sbin/brctl addif switch $1
Signed-off-by: Paul Moore pmo...@redhat.com
As with the other fix, a gentle nudge so this isn't forgotten.
Reviewed and tested.
Reviewed-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion
this by
adding the two missing asynchronous I/O syscalls.
Signed-off-by: Paul Moore pmo...@redhat.com
A gentle nudge so this fix doesn't get forgotten.
Reviewed and tested.
Reviewed-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c |2 ++
1 file changed, 2 insertions
Any chance to get it pushed for 1.6? Thanks.
On 07/23/2013 04:43 AM, Paolo Bonzini wrote:
Il 22/07/2013 20:33, Eduardo Otubo ha scritto:
In this small patch series I basically:
v3 update:
- reincluded getrlimit(), it's used by Xen.
v2 update:
- set libseccomp 2.1.0 as requirement
send a pull request tomorrow EOD)
Reviewed-by: Eduardo Otubo ot...@linux.vnet.ibm.com
--
Eduardo Otubo
IBM Linux Technology Center
On 11/21/2013 01:48 PM, Paul Moore wrote:
On Thursday, November 21, 2013 04:14:11 PM Paolo Bonzini wrote:
Il 30/10/2013 11:04, Stefan Hajnoczi ha scritto:
On Wed, Oct 23, 2013 at 12:42:34PM -0200, Eduardo Otubo wrote:
On 10/22/2013 11:00 AM, Anthony Liguori wrote:
On Tue, Oct 22, 2013
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 1d5fd71..bfd372a 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -108,7 +108,6 @@ static const struct QemuSeccompSyscall
Since libseccomp 2.0 there's no need to check the architecture type
anymore.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 13 -
1 file changed, 13 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index ca123bf..1d5fd71 100644
--- a/qemu
Hello all,
In this small patch series I basically:
1) Remove the ifdef's for the (not so) new libseccomp version that does
a
best effort and translates x86_32 syscalls into x86_64 when possible.
2) Remove unused syscalls on the seccomp whitelist. For that removal, I've
been
Hello all,
In this small patch series I basically:
1) Remove the ifdef's for the (not so) new libseccomp version that does
a
best effort and translates x86_32 syscalls into x86_64 when possible.
2) Remove unused syscalls on the seccomp whitelist. For that removal, I've
been
Sorry for the problem on my keyboard:
on the subject, please do s/gtom/from
On 07/15/2013 02:29 PM, Eduardo Otubo wrote:
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index
On 07/15/2013 03:55 PM, Paul Moore wrote:
On Monday, July 15, 2013 02:29:37 PM Eduardo Otubo wrote:
Since libseccomp 2.0 there's no need to check the architecture type
anymore.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 13 -
1 file changed, 13
On 07/15/2013 05:57 PM, Paolo Bonzini wrote:
Il 15/07/2013 19:29, Eduardo Otubo ha scritto:
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 1d5fd71..bfd372a 100644
Hello all,
In this small patch series I basically:
v2 update:
- set libseccomp 2.1.0 as requirement on configure script.
- removed setrlimit and added sendfile64 to the whitelist.
1) Remove the ifdef's for the (not so) new libseccomp version that does
a
best effort and
v2 update:
- set libseccomp 2.1.0 as requirement on configure script.
Since libseccomp 2.0 there's no need to check the architecture type
anymore.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
configure |2 +-
qemu-seccomp.c | 13 -
2 files changed, 1
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c |6 --
1 files changed, 0 insertions(+), 6 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 1d5fd71..c44f0d8 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -108,7 +108,6 @@ static const struct
On 07/16/2013 02:49 PM, Paolo Bonzini wrote:
Il 16/07/2013 19:45, Eduardo Otubo ha scritto:
-{ SCMP_SYS(ugetrlimit), 241 },
Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper
calls it?
It seems to be a glibc's wrapper, yes. Removing it anyway.
Why if Xen uses
On 07/18/2013 01:28 PM, Anthony Liguori wrote:
Eduardo Otubo ot...@linux.vnet.ibm.com writes:
Hello all,
In this small patch series I basically:
Cover letter should be marked [PATCH 0/2]. Otherwise it defeats
filtering.
Would like to see a Reviewed-by from someone before applying
...@redhat.com
Signed-off-by: Paul Moore pmo...@redhat.com
Acked-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 69cee44..cf07869 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
Anthony,
The following changes since commit 7dc65c02fe3fb8f3146ce0b9ff5fec5945329f0e:
Open 2.0 development tree (2013-11-27 14:02:45 -0800)
are available in the git repository at:
git://github.com/otubo/qemu.git seccomp
Paul Moore (1):
seccomp: add kill() to the syscall whitelist
this is likely the next big
improvement.
That's the feature I'm currently working on right now. We'll see some
improvements in the future. :)
--
Eduardo Otubo
IBM Linux Technology Center
goal here is to use virt-test and audit log to eliminate
these sorts of things.
--
Eduardo Otubo
IBM Linux Technology Center
with sandbox support: Libseccomp will fail - qemu will fail
nicely and won't stop execution.
2) Host kernel has support but Qemu package wasn't built with sandbox
feature. Qemu will fail nicely and won't stop execution.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
vl.c | 10
On 12/09/2013 03:33 PM, Daniel P. Berrange wrote:
On Mon, Dec 09, 2013 at 03:20:52PM -0200, Eduardo Otubo wrote:
This option was requested by virt-test team so they can run tests with
Qemu and -sandbox on set without breaking whole test if host doesn't
have support for seccomp in kernel
distro will have audit log
working properly, I can start working on some support for virt-test to
detect if the host machine has support for seccomp or if the Qemu binary
has this feature built in.
Again, sorry for the mess. Please disconsider this patch.
--
Eduardo Otubo
IBM Linux Technology
used in configure script.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
vl.c | 31 +++
1 files changed, 31 insertions(+), 0 deletions(-)
diff --git a/vl.c b/vl.c
index 9fea320..808f020 100644
--- a/vl.c
+++ b/vl.c
@@ -62,6 +62,14 @@
#include linux/ppdev.h
of the API have changed in this last
release, had to adapt to the new function signatures.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 139
qemu-seccomp.h | 22 +
2 files changed, 161 insertions(+), 0
sometimes is
unpredictable (as stated in man 7 signals). That's why I deliberately
used write() and _exit() functions, and had the string-to-int helper
functions as well.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp-debug.c | 95
=e2cfabdfd075648216f99c2c03821cf3f47c1727
[2] - https://lkml.org/lkml/2012/4/12/457
[3] -
http://sourceforge.net/mailarchive/forum.php?thread_name=1633205.5jr3eG7nQ5%40siflforum_name=libseccomp-discuss
Eduardo Otubo (4):
Adding support for libseccomp in configure and Makefile
Adding qemu-seccomp.[ch
options added:
--enable-seccomp-debug
--disable-seccomp-debug
Enabling debug will cause libseccomp to be configured with
SCMP_ACT_TRAP. This will help users/developers to catch system calls
that were not previously whitelisted.
Signed-off-by: Eduardo Otubo ot
On Fri, Aug 03, 2012 at 03:54:40PM -0500, Anthony Liguori wrote:
Eduardo Otubo ot...@linux.vnet.ibm.com writes:
The new 'trap' (debug) mode will capture the illegal system call before it
is
executed. The feature and the implementation is based on Will Drewry's
patch - https://lkml.org
On Mon, Aug 06, 2012 at 10:19:40AM -0300, Eduardo Otubo wrote:
On Fri, Aug 03, 2012 at 03:54:40PM -0500, Anthony Liguori wrote:
Eduardo Otubo ot...@linux.vnet.ibm.com writes:
The new 'trap' (debug) mode will capture the illegal system call before
it is
executed. The feature
-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
Makefile.objs |6 ++
configure | 22 ++
2 files changed, 28 insertions(+), 0 deletions(-)
diff --git a/Makefile.objs b/Makefile.objs
index 5ebbcfa..13db9f3 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -96,6 +96,12
v1:
* Full seccomp calls and data included in vl.c
v2:
* Full seccomp calls and data removed from vl.c and put into separate
qemu-seccomp.[ch] file.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
vl.c | 13 +
1 files changed, 13 insertions(+), 0 deletions(-)
diff
of the API have changed in this last
release, had to adapt to the new function signatures.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 139
qemu-seccomp.h | 22 +
2 files changed, 161 insertions(+), 0
/
[1] -
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727
[2] - https://lkml.org/lkml/2012/4/12/457
[3] -
http://sourceforge.net/mailarchive/forum.php?thread_name=1633205.5jr3eG7nQ5%40siflforum_name=libseccomp-discuss
Eduardo Otubo (3
/
[1] -
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727
[2] - https://lkml.org/lkml/2012/4/12/457
[3] -
http://sourceforge.net/mailarchive/forum.php?thread_name=1633205.5jr3eG7nQ5%40siflforum_name=libseccomp-discuss
Eduardo Otubo (3
v1:
* Full seccomp calls and data included in vl.c
v2:
* Full seccomp calls and data removed from vl.c and put into separate
qemu-seccomp.[ch] file.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
vl.c | 13 +
1 files changed, 13 insertions(+), 0 deletions(-)
diff
of the API have changed in this last
release, had to adapt to the new function signatures.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 139
qemu-seccomp.h | 22 +
2 files changed, 161 insertions(+), 0
-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
Makefile.objs |6 ++
configure | 22 ++
2 files changed, 28 insertions(+), 0 deletions(-)
diff --git a/Makefile.objs b/Makefile.objs
index 5ebbcfa..13db9f3 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -96,6 +96,12
?thread_name=1633205.5jr3eG7nQ5%40siflforum_name=libseccomp-discuss
Eduardo Otubo (4):
Adding support for libseccomp in configure and Makefile
Adding qemu-seccomp.[ch]
Adding seccomp calls to vl.c
Command line support for seccomp with -sandbox
Makefile.objs |6 ++
configure | 22
-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
Makefile.objs |6 ++
configure | 22 ++
2 files changed, 28 insertions(+), 0 deletions(-)
diff --git a/Makefile.objs b/Makefile.objs
index 5ebbcfa..13db9f3 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -96,6 +96,12
v1:
* Full seccomp calls and data included in vl.c
v2:
* Full seccomp calls and data removed from vl.c and put into separate
qemu-seccomp.[ch] file.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
vl.c | 13 +
1 files changed, 13 insertions(+), 0 deletions(-)
diff
v7:
* New in v7
* The seccomp filter can be switched on and off using the command line
option -sandbox, the default value is off.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-config.c | 13 +
qemu-config.h |1 +
qemu-options.hx | 10 ++
vl.c
of the API have changed in this last
release, had to adapt to the new function signatures.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 141
qemu-seccomp.h | 22 +
2 files changed, 163 insertions(+), 0
/projects/libseccomp/
[1] -
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727
[2] - https://lkml.org/lkml/2012/4/12/457
Eduardo Otubo (4):
Adding support for libseccomp in configure and Makefile
Adding qemu-seccomp.[ch]
Adding
open() and execve() to the whitelis
v4:
* Tests revealed a bigger set of syscalls.
* seccomp_start() now has an argument to set the mode according to the
configure option trap or kill.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 126
used in configure script.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
vl.c | 31 +++
1 file changed, 31 insertions(+)
diff --git a/vl.c b/vl.c
index 46248b9..8dc9432 100644
--- a/vl.c
+++ b/vl.c
@@ -62,6 +62,14 @@
#include linux/ppdev.h
#include linux
sometimes is
unpredictable (as stated in man 7 signals). That's why I deliberately
used write() and _exit() functions, and had the string-to-int helper
functions as well.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp-debug.c | 95
options added:
--enable-seccomp-debug
--disable-seccomp-debug
Enabling debug will cause libseccomp to be configured with
SCMP_ACT_TRAP. This will help users/developers to catch system calls
that were not previously whitelisted.
Signed-off-by: Eduardo Otubo ot
On Tue, Jul 17, 2012 at 04:19:11PM -0300, Eduardo Otubo wrote:
Hello all,
This patch is an effort to sandbox Qemu guests using Libseccomp[0]. The
patches
that follows are pretty simple and straightforward. I added the correct
options
and checks to the configure script and the basic calls
;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727
Eduardo Otubo (2):
Adding support for libseccomp in configure
Adding basic calls to libseccomp in vl.c
configure | 25 +++
qemu-seccomp.c | 73
qemu-seccomp.h
making the configure script to add the specific
line to Makefile.obj in order to compile with appropriate support to seccomp.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
configure | 25 +
1 file changed, 25 insertions(+)
diff --git a/configure b/configure
issues
Removed code from vl.c and created qemu-seccomp.[ch]
Now using ARRAY_SIZE macro
Added more syscalls without priority/frequency set yet
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 73
=e2cfabdfd075648216f99c2c03821cf3f47c1727
--
Eduardo Otubo
Software Engineer
Linux Technology Center
IBM Systems Technology Group
Mobile: +55 19 8135 0885
eot...@linux.vnet.ibm.com
=e2cfabdfd075648216f99c2c03821cf3f47c1727
Eduardo Otubo (2):
Adding support for libseccomp in configure and Makefile
Creating qemu-seccomp.[ch] and adding call to vl.c
Makefile.objs |4 +++
configure | 23 +++
qemu-seccomp.c | 88
() to the whitelis
The whitelist is getting bigger and complete, maybe it's time to drop
the RFC tag.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 88
qemu-seccomp.h | 23 +++
vl.c | 11
-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
Makefile.objs |4
configure | 23 +++
2 files changed, 27 insertions(+)
diff --git a/Makefile.objs b/Makefile.objs
index 74110dd..c0620bf 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -95,6 +95,10 @@ common-obj-y += qemu
My apologies, I forgot to add the v3 into the PATCH tag.
On Thu, Jun 21, 2012 at 07:10:36PM -0300, Eduardo Otubo wrote:
Hello all,
This is the third effort to sandbox Qemu guests using Libseccomp[0]. The
patches that follows are pretty simple and straightforward. I added the
correct
Seccomp syscall whitelist updated after tests running qemu under
libvirt. Reference to the bug -
https://bugzilla.redhat.com/show_bug.cgi?id=855162
Regards,
---
qemu-seccomp.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/qemu-seccomp.c
Seccomp syscall whitelist updated after tests running qemu under
libvirt. Reference to the bug -
https://bugzilla.redhat.com/show_bug.cgi?id=855162
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 21 -
1 file changed, 20 insertions(+), 1 deletion
Anyone interested in taking a look at this piece of code? Thanks!
On Fri, Sep 21, 2012 at 09:40:33AM -0300, Eduardo Otubo wrote:
Seccomp syscall whitelist updated after tests running qemu under
libvirt. Reference to the bug -
https://bugzilla.redhat.com/show_bug.cgi?id=855162
Signed-off
On Wed, Sep 26, 2012 at 11:14:29AM -0400, Paul Moore wrote:
On Thursday, September 20, 2012 06:00:59 PM Eduardo Otubo wrote:
Seccomp syscall whitelist updated after tests running qemu under
libvirt ...
Hi Eduardo,
I know from our discussions offlist that you have an additional debugging
/libseccomp/
[1] -
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727
Eduardo Otubo (2):
Adding support for libseccomp in configure
Adding basic calls to libseccomp in vl.c
configure | 23 ++
vl.c | 81
Adding basic options to the configure script to use libseccomp or not.
The default is set to 'no'. If the flag --enable-libseccomp is used, the
script will check for its existence using pkg-config.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
configure | 23
after another. The priority system places the most common rules first
in order to reduce the overhead when processing them.
Also, since this is just a first RFC, the whitelist is a little raw. We might
need your help to improve, test and fine tune the set of system calls.
Signed-off-by: Eduardo
On Fri, May 04, 2012 at 11:59:00PM +0200, Andreas Färber wrote:
Am 04.05.2012 21:08, schrieb Eduardo Otubo:
I added a syscall struct using priority levels as described in the
libseccomp
man page. The priority numbers are based to the frequency they appear in a
sample strace from
of vl.c, so that all hairiness can be added as
appropriate.
I thought it would be overkill the create a new seccomp.[c|h] just for this
purpose. But yes, we can start thinking about that since the features might
grow in the future.
Thanks for the comments,
Regards
--
Eduardo Otubo
Software Engineer
On Wed, Aug 15, 2012 at 09:22:20AM -0500, anth...@codemonkey.ws wrote:
Hi,
Today is the hard freeze for 1.2. If you have any pull requests and/or
patches targetted for the hard freeze, please send them by 3pm
US/Central time today and clearly mark them for-1.2.
If there are existing
On Wed, Aug 15, 2012 at 05:44:38PM -0500, Anthony Liguori wrote:
Hi,
I attempted to apply Eduardo's seccomp patches and ran into a number of
problems. In the interest of time, I thought it would be easier for me to fix
them and just respin the series myself.
I've tested this as best I
Now the seccomp filter will be set to on even if no argument
-sandbox is given.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
configure | 2 +-
vl.c | 38 +++---
2 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/configure b
This patch includes a second whitelist right before the main loop. It's
a smaller and more restricted whitelist, excluding execve() among many
others.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 94 --
qemu
1 - 100 of 454 matches
Mail list logo